Fokirtor You Too

Bear Giles | November 27, 2013

There’s a Linux backdoor in the wild. It isn’t widespread but it’s conceptually simple and copycats are a real possibility. Do not be complacent because you run Linux.

See Fokirtor [Schneier on Security], Linux Covert Channel Explains Why NSM Matters [TAOsecurity], and Linux Back Door Uses Covert Communication Protocol [Symantic].

On the Java side – again do not be complacent just because you use Bouncy Castle instead of OpenSSL. I can think of at least three possible attacks off the top of my head. (Register my own https URL handler, use AOP injection around BC methods, or compromise the deployed BC jar itself.) None are trivial but all it takes is one person to write the code and a bored sysadmin looking the other way.

Categories
java, linux, security
Comments rss
Comments rss
Trackback
Trackback

« »

Leave a Reply

You must be logged in to post a comment.